Solaris

From Davical
Jump to: navigation, search

Introduction

DAViCal is confirmed operational on Solaris 10 using the OpenCSW version of Apache2, PHP5 and PostgreSQL. The following PHP5 additional package modules are required php5_pgsql, php5_pdopgsql, php5_pdo, php5_iconv and php5_gettext.

The DAViCAL code is kept out of the /opt/csw/ directory tree by default. It is more appropriate to create a /opt/DAViCal directory and then place awl and davical as sub-directories (without a version suffix), ensuring that /opt/csw is not polluted.

Apache

The resultant Apache2 configuration at this position is is created in a file called DAViCal.conf (shown below) located in the apache2/etc directory. The file is included in the file http.conf with a statement Include etc/DAViCal.conf.

##-*- Apache -*- ##############################################################
#
# DAViCal Configuration for Apache - www.davical.org
#
###############################################################################
#
# Log:      2011-02-11    Jon
#           Broke DAViCal into separate config file for Apache2
#           Enable CardDav services
#
#           2011-02-04    Jon
#           Initial configuration test
#           CalDAV services only.
#
# Assumes:
#           DAViCal installed in /opt/DAViCal/davical
#                                /opt/DAViCal/awl
#
#           Apache2:  Enable mod_rewrite
#                     Enable mod_ssl2
#                     Enable mod_php5
#
# Serices:
#           Follow Apple conventions for Enterprise deployment.
#
#           Port 8008 - CalDAV + CardDAV service no SSL (Domain local only)
#           Port 8443 - CalDAV + CardDAV service with SSL (Internal/External no admin)
#
# Apache2:
#           Quick reminder on stop/start of apache2 following config change
#           Restart:    % svcadm restart network/cswapache2
#           Disable:    % svcadm disable network/cswapache2
#           Enable:     % svcadm enable network/cswapache2
#           Status:     % svcs -xv
#
# IP Filter:
#           External service access is controlled and needs to be configured.
#
#           /etc/ipf/ipf.conf [Global zone configuration]
#           To Reload rules:            ipf -Fa -f /etc/ipf/ipf.conf
#           To Monitor log:             ipmon -a
#           Summary of IPSec rules:     ipfstat -h -i
#
#           # ----------------------------------------------------------------------------
#           # DAViCAL services
#           # ----------------------------------------------------------------------------
#           # Allow access to the DAViCal server
#           # Port 8443 - CalDAV + CardDAV service with SSL (Internal/External no admin)
#           pass in quick on bge0 proto tcp from any to 192.168.1.x port = 8443 keep state
#           # Port 8008 - CalDAV + CardDAV service no SSL (Domain local only)
#           pass in quick on bge0 proto tcp from 192.168.1.0/24 to 192.168.1.x port = 8008 keep state
#
# Config:
#           Configure DAViCal PHP
#
#           File:       /opt/DAViCal/davical/config/config.php
#           Content:    <?php
#                       $c->domainname = "www.myaddress.com";
#                       $c->sysabbr     = 'www';
#                       $c->admin_email = 'admin@myaddress.com';
#                       $c->system_name = "CalDAV Server";
#                       // Our locale
#                       $c->default_locale = "en_GB.UTF-8";
#                       // Connect to a remote PostgreSQL server
#                       $c->pg_connect[] = 'hostaddr=192.168.1.y port=5432 dbname=davical user=davical_app';
#                       // Admin access restriction
#                       $c->restrict_admin_port = '8008';
#                       ?>
#
# Server Admin Notes:
#
#           Addressbook
#           ===========
#           Unlike with calendars, DAViCal does not (yet) create a default addressbook
#           resource for each new user, so you will have to do this manually for now.
#           From http://wiki.davical.org/w/CardDAV/Creating_addressbooks
#
#           * Go into the Admin UI in your browser
#             http://www.myaddress.com:8008/index.php
#             Login: admin + password
#           * Click on "List Principals" and find the principal you want to add a
#             calendar to.
#           * Down the bottom of the page click on "Create Collection"
#           * Give the collection a URL part such as "contacts" or "addressbook" in the
#             DAV Path field.
#           * Give the collection a friendly name such as "Andrew's Contacts" in the
#             Displayname field.
#           * Turn off "Is a Calendar" and turn on "Is an Addressbook".
#           * Click on "Create"
#           * Then grant permissions.
#
# Client Config Notes:
#           Note in all configurations then we use Apache2 re-write rules and this
#           changes the configuration of the client connections.
#
#           iPad Configuration:
#               Set through "iPhone Configuration Untility" (Enterprise)
#               - "CalDAV" is principle account.
#               - "Subscribed Calendars" are read only
#               - "CardDAV" is our address book
#
#               Server:             my.address.com
#               User Name:          me
#               Password:           secret
#               Description:        My Calendar
#               Advanced Settings: (Calendar no SSL)
#                   Use SSL:        Off
#                   Port:           8008
#                   Account URL:    http://my.address.com:8008/me/home
#               Advanced Setting: (Calendar with SSL)
#                   Use SSL:        On
#                   Port:           8443
#                   Account URL:    https://my.address.com:8443/me/home
#
#               CardDAV Settings:  (Card with SSL)
#                   Use SSL:        On
#                   Port:           8443
#                   Server:         my.address.com
#                   User Name:      me
#                   Password:       secret
#                   ** Do not configure explicit client connection allow to default **
#
#           Mozilla Lightening Config:
#               On the Network:     yes
#               Format:             CalDAV
#               Location:           https://my.address.com:8443/me/home
#               etc.
#
###############################################################################

#
# Port 8008 - CalDAV + CardDAV port without SSL
#
# DAViCal - CalDAV + CardDAV port without SSL
# Used for local hosts and adminstration access
#
Listen 8008
NameVirtualHost 192.168.1.x:8008
#
<VirtualHost 192.168.1.x:8008>
    # General setup of the virtual host
    DocumentRoot "/opt/DAViCal/davical/htdocs"
    Alias /images/ /opt/DAViCal/davical/htdocs/images/

    ServerName "www.myaddress.com:8008"
    ServerAdmin "admin@myaddress.com"
    # Virtual server logging
    ErrorLog "/opt/csw/apache2/var/log/error_8008.log"
    TransferLog "/opt/csw/apache2/var/log/access_8008.log"

    # Define the directory access
    <Directory /opt/DAViCal/davical/htdocs/>
        AllowOverride None
        Order allow,deny
        Allow from all

        # Default directory index.
        DirectoryIndex index.php
    </Directory>

    # Allow trailing names
    AcceptPathInfo On

    # Define the PHP5 configuration.
    php_value include_path "/opt/DAViCal/davical/inc:/opt/DAViCal/awl/inc"
    php_value magic_quotes_gpc 0
    php_value register_globals 0
    php_value error_reporting "E_ALL & ~E_NOTICE"
    php_value default_charset "utf-8"

    # Get rid of caldav.php in the path
    RewriteEngine On
    # Not if it's the root URL.
    RewriteCond %{REQUEST_URI} !^/$
    # Not if it explicitly specifies a .php program, stylesheet or image
    RewriteCond %{REQUEST_URI} !\.(php|css|js|png|gif|jpg)
    # Everything else gets rewritten to /caldav.php/...
    RewriteRule ^(.*)$ /caldav.php/$1  [NC,L]

</VirtualHost>

#
# Port 8443 - CalDAV + CardDAV port with SSL
#
# DAViCal - CalDAV + CardDAV port with SSL
# Used for internal and external access
#
Listen 8443
NameVirtualHost 192.168.1.x:8443
#
<VirtualHost 192.168.1.x:8443>
    # General setup of the virtual host
    DocumentRoot "/opt/DAViCal/davical/htdocs"
    ServerName "www.myaddress.com:8443"
    ServerAdmin "admin@myaddress.com"
    # Virtual server logging
    ErrorLog "/opt/csw/apache2/var/log/error_8443.log"
    TransferLog "/opt/csw/apache2/var/log/access_8443.log"

    # Turn on SSL for this port
    SSLEngine on
    SSLProtocol -all +SSLv3 +TLSv1
    SSLCipherSuite HIGH:!MEDIUM:!SSLv2:!EXP:!ADH:!aNULL:!eNULL:!NULL

    # Server Certificate
    SSLCertificateFile "/certs/3yr_cert.crt"
    SSLCertificateKeyFile "/certs/3yr_cert.key"
    SSLCertificateChainFile "/certs/3yr_ca-bundle.crt"

    # SSL Protocol Adjustments:
    BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    # Per-Server Logging:
    CustomLog "/opt/csw/apache2/var/log/ssl_request_8443.log" \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # Define the directory access
    <Directory /opt/DAViCal/davical/htdocs/>
        AllowOverride None
        Order allow,deny
        Allow from all

        # Default directory index.
        DirectoryIndex index.php
    </Directory>

    # Allow trailing names
    AcceptPathInfo On

    # Define the PHP5 configuration.
    php_value include_path "/opt/DAViCal/davical/inc:/opt/DAViCal/awl/inc"
    php_value magic_quotes_gpc 0
    php_value register_globals 0
    php_value error_reporting "E_ALL & ~E_NOTICE"
    php_value default_charset "utf-8"

    # Get rid of caldav.php in the path
    RewriteEngine On
    # Not if it's the root URL.
    RewriteCond %{REQUEST_URI} !^/$
    # Not if it explicitly specifies a .php program, stylesheet or image
    RewriteCond %{REQUEST_URI} !\.(php|css|js|png|gif|jpg)
    # Filter all files that do not exist
    # Everything else gets rewritten to /caldav.php/...
    RewriteRule ^(.*)$ /caldav.php/$1  [NC,L]
</VirtualHost>

The DAViCal.conf uses the rewrite rules and mod_rewrite should be loaded. The rewrite rules allow iCal and cardDAV to work with iPad on SSL port 8443. cardDAV on iPad did not seem to work on port 8843 which was expected.

PostgreSQL

When creating the PostgreSQL database then DAViCal needs to operate in UTF-8, if your Locale is set to something different to UTF-8 then you need to make sure that the database is set to UTF-8 and matches a Sun Locale e.g. en_GB.UTF-8. After initialising the database then this can be changed by editing postgresql.conf before creating the davical database with bash dba/create-database.sh otherwise the creation fails; su to the postgres user before running the script. (I am not an expert, ususlly use MySQL, maybe somebody else can advise). Note the davical shell scripts are Bash and are not fully compatible with the Solaris Borne shell.

config.php

The file config.php file may stay in directory /opt/DAViCal/davical/config. If the SSL port is external facing then you can disable adminstrator access on port 8443 with $c->restrict_admin_port = '8008';. If Apache2 is running in a zone and the SQL server is on another host/zone then change the connection to access the remote database with $c->pg_connect[] = 'hostaddr=192.168.1.y port=5432 dbname=davical user=davical_app';. Set the Locale to the same value as the PostgreSQL database with $c->default_locale = "en_GB.UTF-8";.

Clients

DAViCal is confirmed operating correctly with iPad and Lightning via SSL connection. It is useful to have the 8008 port for local adminstration tasks and obviously to set up the users.